Bazaar2 Monthly Report - March 2016

Added by hans over 1 year ago

We have updated the report format to group content into the five key objectives of the Bazaar2 project, and includes highlights of progress under each objective.

*Objective 1 Simple multi-pronged distribution

  • Increased build automation and reproducibility of F-Droid repository
  • Progress towards automated publishing of apps to Android Observatory and VirusTotal

Our work on improving reproducible build tools and processed continued this quarter. At the beginning of March, we were finishing up the automation of the F-Droid build server setup used by F-Droid for building apps. It now runs in a nightly build in Jenkins to keep the process running smoothly. We're also close to getting the F-Droid setup integrated into, which will allow us to run builds to check the reproducibility of the entire F-Droid repository of apps on a regular basis.

We have been working on supporting uploading releases to Android Observatory as well as VirusTotal. The former is a web interface to a large repository of Android applications which allows users to search or browse through thousands of Android apps and retrieve metadata for those apps. VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.

In addition, these additional tasks were completed:
  • Finished architecture work to support F-Droid gradle plugin for seamless integration with standard Android workflows:
  • Started work with Copperhead on first level of malware protection based on source scanning
  • Finalized Android SDK packages in Ubuntu/xenial 16.04, due to be released this month:
  • `apt-get install android-sdk`. Work ongoing in Debian/testing for further improvements.
  • Got F-Droid's make build server running in Guardian Project's jenkins test server

Objective 2 Curation Tools for Organizations

No significant progress on this objective in March.

Objective 3 Modern App Store with Built-in Circumvention

  • Improved user experience on installation and upgrade of apps in F-Droid
  • Created and released new circumvention code libraries, samples and developer documentation book chapter

This month we focused on designing the implementation of background downloading of apps. The goal is to give users a fast, fluid experience for installing and upgrading many apps at a time. Currently, you have to wait for the app to download and install, which causes confusion and many aborted installations. Implementation will begin in April.

We also worked on re-architecting core parts of the client app to support a flexible, modern user experience by making lots of pieces operate as independent services, while moving the overall communications to be driven by events, for example, "user pressed install", "download this file", "download complete", "install this file", "install complete".

In addition, as part of our work in improving our libraries for circumvention features, and to promote these capabilities more broadly, we began working with Mark Murphy in February, a well known expert and author in the Android development community. In March, Mark completed a new chapter for “The Busy Coder's Guide to Android Development” on the use of NetCipher. This included integration code to tie NetCipher into OkHttp3 (including using it with Retrofit), HttpURLConnection, Apache's independent packaging of HttpClient, and Volley.

You can find the new chapter online here: and a ZIP file containing sample projects and HTTP integration code: The chapter and code are licensed under the Creative Commons and Apache 2.0 license respectively.

Objective 4 Partner Deployments

Announced new partnership to provide Bazaar2-compatible secure Android OS and devices for easy availability to partners, organizations and individuals

At the end of March, we were excited to publicly announce and formalize a partnership between Copperhead, F-Droid and Guardian Project. This was done as a lead-up to a crowdfunding event that is being planned to support the work on CopperheadOS and as a mechanism to test the market for selling a device that includes the work supported by the Bazaar2 project, built in by default.

The goal is to create a solution that can be verifiably trusted from the operating system, through the network and network services, all the way up to the app stores and apps themselves. Through a future planned crowdfunded and commercial offering, the partnership will provide affordable off-the-shelf solutions, including device hardware and self-hosted app and update distribution servers, for any individual and organizations looking for complete mobile stacks they can trust.

Read more about the partnership and plans here:

Objective 5 Usability Research on In-country Developers

We continued work with partners deploying apps for users in Iran and China, to better understand the existing channels and means used to get apps to users safely and effectively. Increased promotion of apps in April and May will result in more useful feedback for our efforts.